webforuser stinks

my internet homepage has been hijacked by webforuser.com I have tried everything under the sun; winpatrol, adaware, spybot, mcafee(which let it in), microsoft antispyware, hijackthis, they all find it, but can't remove it or stop it from changing the homepage, I have turned off restore and tried them, nothing works. I found the exe file "iaw.exe" can't delete it, it comes back. anyways here is my hijackthis log, please tell me how to fix this besides formating the hd

Logfile of HijackThis v1.99.1
Scan saved at 3:56:33 PM, on 4/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\WINDOWS\system32\LxrJD31s.exe
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
F:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\GWMDMMSG.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\system32\SK9910DM.EXE
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
F:\WINDOWS\svshost.exe
F:\WINDOWS\msqdevl.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\mservice.exe
F:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
F:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
F:\WINDOWS\stisvsq.exe
F:\WINDOWS\lssas.exe
F:\WINDOWS\wanmpsvc.exe
F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
F:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
F:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
F:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\WINDOWS\system32\hpoipm07.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\DOCUME~1\TERRYS~1\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webforuser.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webforuser.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - F:\WINDOWS\System32\ie2cltr.dll
O2 - BHO: IE SP2 AddOn - {3EABE8F9-C24C-487D-8AA6-ACC9BEDA6880} - F:\WINDOWS\System32\spkzq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - F:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - F:\WINDOWS\System32\ie2cltr.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MPFTray] F:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] F:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] F:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] F:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [McRegWiz] F:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [HijackThis startup scan] F:\DOCUME~1\TERRYS~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe /startupscan
O4 - Startup: Hewlett-Packard Recorder.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet d series\FRU\Remind32.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - F:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F73D44D8-8920-45EC-B816-2008D957E50C}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - F:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - F:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - f:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - F:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - F:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - F:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - F:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe

:tazz:

#1
terrysproblem

Posted 19 April 2005 - 02:19 PM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us